Split event into multiples and parse with grok separately

Daniel_Jankech · February 24, 2021, 10:38am

Hello, I'm back with another question. From my understanding split function is used to split lets say messages into multiple lines of code and then you use grok to parse this into a single list of variables. However what Im trying to do is divide my log file containing multiple events into single events starting with keyword1 and ending with keyword2 and parse these with grok. Is this even possible ? Should I split the field externally and send in the separate events ?

I would like to input 1 file , resulting in for example 5 events each parsed with grok and each having its own output.

aaron-nimocks · February 25, 2021, 1:20pm

Can you share your raw data and give an example of expected output?

Daniel_Jankech · February 26, 2021, 2:45pm

Hi , I realised this would not be a correct way of doing things but thanks for the response.

system · March 26, 2021, 2:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash + XML + Multiple split Logstash	2	327	April 1, 2022
Logstash problems with splitting on field value Logstash	3	455	June 19, 2022
Split event into multiple different messages Logstash	5	1839	July 27, 2018
Split an event into multiple events Logstash	2	786	August 28, 2017
Logstash - split array into individual events Logstash	7	6363	June 16, 2019

Split event into multiples and parse with grok separately

Related topics